Microsoft warns that the PATRIOT Act, recently renewed by President Obama, will allow the U.S. to invade EU citizens' private data without notification. (Source: Paramount Pictures)

The revelation could lead the EU to force Facebook, Google, Microsoft, and others to adopt isolated hosting in Europe for European services. Currently much of the hosting for European users is handled in America, exposing their data to invasive U.S. laws. (Source: Flickr/TJCrowley)

Senators John McCain (R-Ariz.) and John Kerry (D-Mass.) have proposed a privacy bill that may help fix the awkward standoff. (Source: AP Photo)

Microsoft tipped off the EU about possible data grab

The European Union (EU) is a little bit upset with the United States federal
government after it caught wind of a possible plan to swipe EU citizens'
private data from cloud service providers, in violation of EU laws. And
the U.S. government can blame software giant Microsoft Corp. (MSFT)
for letting the secret out of the bag.

But the bill, which was renewed for four years by President Barack Obama in
2011, is primarily aimed at gathering intelligence from foreign nations.
In that regard, many of its authorizations deal with "spying"
on foreign nations -- not solely U.S. citizens.

With citizens in the U.S. and Europe increasingly using "the cloud"
-- services from companies like Microsoft, Facebook, Google Inc. (GOOG),
and Apple, Inc. (AAPL)
-- the question becomes how secure these resources are.

While the U.S. does not guarantee the privacy of its citizens online, the EU
has a law titled the Data Protection Directive, which mandates that the EU protect
the privacy of its citizens. The Directive demands that citizens be
informed any time private data is obtained. The problem is that mandate
does little to stop the U.S. from secretly seizing cloud data in the name of
the PATRIOT Act, according to warnings from Microsoft and top lawyers.

II. Our Laws Are Greater Than Yours

Microsoft warns that under the PATRIOT Act, it might not only be forced to hand
over EU citizens' data; it might also be forced to do so secretly, without
informing the EU. This would directly violate the privacy protections the
EU promises to enforce.

The company writes, "In a limited number of circumstances, Microsoft may
need to disclose data without your prior consent, including as needed to
satisfy legal requirements, or to protect the rights or property of
Microsoft."

Sophie in 't Veld (Netherlands), an EU parliamentarian, voiced outrage at the prospect, stating, "Does the
Commission consider that the U.S. PATRIOT Act thus effectively overrules the
E.U. Directive on Data Protection? What will the Commission do to remedy this
situation, and ensure that E.U. data protection rules can be effectively
enforced and that third country legislation does not take precedence over E.U.
legislation?"

"I hope Commissioner Reding will respond soon, as this is really a key
issue. Essentially what is at stake is whether Europe can enforce its own laws
in its own territory, or if the laws of a third country prevail. I hope the
Commissioner will ensure that the U.S. and other countries respect E.U. laws in
E.U. territory. I don't think the U.S. would be amused if Europeans (or other
non-U.S. authorities) were to get access to databases located within U.S.
jurisdiction."

The EU and the U.S. already have an agreement called Safe Harbor, which allows
for the sharing of data under certain restrictions such as the promise of
reasonable data security, and clearly defined and effective enforcement.
In these cases the EU is informed of the request, so it can inform the
affected citizens about it.

The problem is that the PATRIOT Act offers a far easier secret backdoor to the
same information. And there's little the EU can do to stop it.

Theo Bosboom, IT lawyer with Dirkzwager Lawyers, comments, "I'm afraid that
Safe Harbor has very little value anymore, since it came out that it might be
possible that U.S. companies that offer to keep data in a European cloud are
still obliged to allow the U.S. government access to these data on basis of the
PATRIOT Act. Europeans would be better to keep their data in Europe. If a
European contract partner for a European cloud solution, offers the guarantee
that data stays within the European Union, that is without a doubt the best
choice, legally."

That could spell big trouble for companies like Google, Facebook, Microsoft,
and Apple should the EU decide to apply restrictions or mandates to their
services in order to protect its citizens' privacy from foreign powers.
Such restrictions could force the companies to switch to local, isolated
serving to prevent the U.S. from having access to the data. However, such
schemes would be pricey to implement.

The bill has received much resistance from the online data mining and
advertising community, as it suggests the creation of a mandatory opt-out of
data gathering. Such an opt-out could be cost-prohibitive for smaller
sites and could seriously undermine online advertising's profitability.

The bill could also make it harder to use the PATRIOT Act to grab information
without public notification.

States EU Data Protection Commissioner Viviane Reding, "I welcome a draft
Bill of Rights just introduced in the U.S. Congress as a bipartisan initiative
of Democrats and Republicans. The Commission also shares the main objective of
the Bill: strengthening individuals' trust in new technologies through
compatible standards."

A compromise may be reached, but it's doubtful this will be the last we hear of
this controversy.
